Why Security Logs Are Key in the New SEC Regulations

The art and science of balancing cybersecurity and compliance.

September 15, 2023


New SEC breach disclosure regulations will make balancing cybersecurity and compliance even more challenging for public companies. Consolidating all log information in a centralized, AI-enabled repository can provide the advanced analytics and decision-support capabilities needed to meet many of the regulatory requirements, writes George Gerchow of Sumo Logic.

Organizations often view cybersecurity as a balance between technology, resources, budgets, and regulatory compliance. The U.S. Securities and Exchange Commission (SEC) recently announced cybersecurity disclosure and reporting regulations, making this juggling act much harder for public companies.

The new SEC rules are designed to provide investors with ‘more consistent, decision-useful disclosures of cybersecurity incidents from public companies.’ To remain in compliance, companies will need to refine both their short-term threat response readiness and ongoing disclosure and governance capabilities.

Security log management and analytics will be a cornerstone of these initiatives. Consolidating all log information in a centralized, AI-enabled repository provides the advanced analytics and decision-support capabilities needed to meet many of the SEC requirements. 

The New SEC Guidelines: The Highlights

In 2022, the SEC almost doubled the size of its Cyber Unit, declaring that ‘cyber-related threats continue to pose existential risks to our financial markets and participants.’ The new 2023 regulations, designed to provide greater protection and transparency to investors, will require companies to: 

  • Disclose via an updated 8-K form whether they determined any cybersecurity incident to be material. They may also be compelled to document the material aspects of the incident’s ‘nature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant.’
  • Periodically disclose the company’s cybersecurity risk management, strategy, and governance in annual reports.

The new regulations will drive organizations to re-evaluate how they uncover vulnerabilities and breaches, their reporting protocols, and their overall level of cybersecurity expertise. According to PwC, at least some are not prepared for the transition, as ‘many companies are not ready today to reveal their cyber capabilities to the extent that the new rule requires.’


Addressing Time and Materiality Requirements

In the past, no regulatory guidelines mandated specific timeframes for companies to report cybersecurity incidents. The SEC’s introduction of the four-day reporting requirement is game-changing. However, there has yet to be a consensus around when the clock starts running on those four days. 

Similarly, the SEC states that companies should ‘consider the materiality of cybersecurity risks and incidents when preparing their filings,’ but what constitutes materiality is left for companies to interpret.  

Faced with these ambiguities, organizations will need to establish their own risk reduction standards based on three priorities: 

  1. Speed and efficiency: How quickly can potential incidents be identified, assessed, and remediated?
  2. Communications and collaboration: Are the right executives and stakeholders sharing access to real-time, actionable security data?
  3. Effective governance: Is a documented ‘incident playbook’ in place that incorporates the SEC reporting requirements?

The Importance of Security Logs

Centralized security logs are critical to achieving these three priorities. For example, by feeding existing security application logs directly into a cloud-native SIEM with advanced analytics capabilities, security teams can quickly determine the severity and scope of potential incidents.

Relationship graphs, integrated dashboards, and automated notifications can also help analysts understand the scope of detected threats and give their organizations the information needed to determine the materiality of a cybersecurity incident.

Addressing New SEC Requirements

Capturing all security log information in a centralized, secure repository with advanced analytics capabilities could be considered foundational to all other elements of the security and compliance response. AI-enabled, centralized security logs offer many key benefits that will support the SEC compliance requirements, including:

  • Streamlined, centralized monitoring: Monitoring logs from a single, consolidated location simplifies the monitoring process. Security teams can access real-time log data and suspicious activity alerts, quickly identifying threats and deploying immediate, targeted responses.
  • A single, holistic infrastructure view: Consolidating logs from many applications, systems, and devices provides greater visibility and a 360-degree view of an organization’s IT environment. This single view helps security teams identify patterns and anomalies that might otherwise go unnoticed. 
  • Enhanced incident detection: Centralized log management allows analysts to use advanced correlation and analysis techniques to associate events across different sources and identify complex security incidents. This proactive approach can speed security threat assessment and resolution. 
  • More efficient responses: Analytics-capable log repositories can help security teams trace attack paths, identify affected systems, and assess potential damages — all keys to delivering more targeted and successful incident responses.
  • Better forensic analysis: Greater transparency requirements mean that organizations will need to provide more detailed post-incident analysis to internal and external stakeholders. Centralized logs help analysts reconstruct pre-incident events to help eliminate vulnerabilities and even support potential litigation.
  • Auditing and compliance: The new SEC rules will become more clearly defined over time, leading to strict reporting and standards adherence guidelines. These guidelines will almost certainly include collecting and retaining logs for auditing purposes — tasks made much easier with centralized log management tools. 
  • Consolidated reporting: Centralized logs can produce consolidated reporting to provide a detailed overview of security incidents. This helps analysts identify trends and patterns while simplifying reporting for compliance purposes.
  • More effective collaboration: Depending on the nature of the security incident, several teams across the organization may be involved in a coordinated incident response. Centralized log management provides a shared, common platform view and reporting to promote collaboration. 

Preparing for What Comes Next

There are still uncertainties surrounding the SEC’s new regulations. For example, how should companies determine if an incident is actually defined as a breach? Is it deemed material based on the SEC rules? When does the clock start for the four-day reporting requirements?

Companies that don’t take the new regulations seriously could risk hefty fines, loss of customer trust, or worse. A better approach involves thoroughly reviewing their entire security infrastructure to ensure it incorporates security best practices, ongoing training, and standardized reporting. Centralized log management is a best-in-class technology that can help many organizations meet the challenge of the new SEC rules.




George Gerchow
As Sumo Logic's CSO and SVP of IT, George Gerchow brings more than 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance and IT teams in rapid development organizations. He is also a Faculty Member for IANS – Institute of Applied Network Security – and sits on several industry advisory boards. Mr. Gerchow is also a known philanthropist and Founder of a nonprofit corporation, XFoundation.